07-05-2021 12:00 AM
Hi,
We're trying to implement a new FTD 2120 in our network. It should replace an old ASA 5505 (same IP addresses).
We tried it last weekend; it worked so far, but we had trouble with the traffic coming from a separate VPN gateway in the DMZ to our proxy server in the DMZ.
From the proxy it was possible to ping the VPN client, but the VPN client wasn't able to reach the proxy. The access control policies were set to go through while we tried to find the issue. On the FTD you didn't get any hit counts. The VPN clients are able to reach all the servers in our network that could be reached without the proxy. I've painted a little sketch.
Any idea?
Best Regards
Michael
07-05-2021 05:21 AM
Make sure the proxy has a routing table.
07-06-2021 03:45 AM
Hi BB,
I think when it is possible to reach the VPN client via ping, then there is a route.
I've had a look at the proxy; there is a default route.
But the VPN client itself cannot make a connection to the proxy.
Best Regards
Michael